Hackers and Traders Charged by SEC and Department of Justice in International Securities Fraud Scheme
The computer servers of three major newswire companies were allegedly hacked as part of an elaborate illicit stock-trading scheme that resulted in civil charges being filed last week by the Securities and Exchange Commission against 32 defendants. Nine of these persons were also subject to criminal indictments filed in Brooklyn, New York, and Newark, New Jersey, by the US Department of Justice
According to the SEC and the DoJ, Ivan Turchynov and Oleksandr Ieremendo, both from the Ukraine, masterminded the scheme by hacking into the newswire companies’ servers from 2010 through 2015 to steal press releases regarding publicly traded companies before they were made public. Many of these stolen releases contained quarterly and annual earning information. The hackers stole more than 150,000 press releases, claimed the DoJ.
The two hackers worked with a network of traders in the US and abroad who paid the hackers for the stolen information in return for a flat fee or percentage of any trading profits. The SEC said the defendants generated over US $100 million in profits trading on the illicit information.
The newswire companies were Marketwired, L.P., PR Newswire Association LLC and Business Wire. According to the SEC’s complaint in this matter,
The hacker defendants used deceptive means to gain unauthorized access to the Newswire Services’ computer systems, using tactics such as: (a) employing stolen username/password information of authorized users to pose as authorized users; (b) deploying malicious computer code designed to delete evidence of the computer attacks; (c) concealing the identity and location of the computers used to access the Newswire Services’ computers; and (d) using back-door access-modules.
The SEC seeks an injunction and asset freeze against the defendants, as well as damages and disgorgement. The DoJ also seeks penalties from and imprisonment for each defendant.
Compliance Weeds: As I have written before, there are only two types of financial services firms: those that have experienced cybersecurity breaches and addressed them, and those that have experienced cybersecurity breaches and did not know. By now all financial service firms—no matter what size—should have assessed or be in the process of assessing the scope of their data (e.g., customer information, proprietary), potential cybersecurity risk, protective measures in place, consequences of a breach and cybersecurity governance (e.g., how would they react if a breach occurred) in order to evaluate their cybersecurity needs and develop a robust protective program. Engaging an outside consultant to try to penetrate a firm’s system is also advisable, as is ensuring that each third-party service provider that accesses a firm’s data has its own, robust cybersecurity program. (Click here for a detailed discussion of cybersecurity and a comprehensive checklist of practical measures in the June 24, 2015 Advisory “Cyber-Attacks: Threats, Regulatory Reaction and Practical Proactive Measures to Help Avoid Risks” by Katten Muchin Rosenman LLP.)
UK High Court Penalizes Traders GBP 7.5 Million for Layering: The UK High Court imposed a permanent injunction and penalties of over GBP 7.5 million (approximately US $11.8 million) against five defendants for engaging in market abuse in an action brought by the UK Financial Conduct Authority. The defendants are Da Vinci Invest Ltd, Mineworld Ltd, Szabolcs Banya, Gyorgy Szabolcs Brad and Tamas Pornye. The FCA charged that, between August and December 2010, and from February until July 2011, the defendants engaged in manipulative conduct related to shares of stock traded on the electronic trading platform of the London Stock Exchange and multilateral trading facilities. Typically the defendants would enter a mixture of large and small orders on one side of LSE’s order book close to the best bid and offer “but far enough away to minimise the risk that they would be traded.” As prices moved in one direction, other large orders would be placed at prices near the new best bid or offer to encourage the directional move. At some point, the defendants would place a trade on the other side of the market to take advantage of the price move. According to the FCA, “[t]he large ‘layered’ orders, which were never intended to trade and which were used to stimulate the price movement of the relevant shares, were then cancelled and the process would start over again, typically aimed at moving the share price in the opposite direction.” The defendants would liquidate their previously obtained open position, taking advantage of the new contra-price movement and realizing a profit. In ruling for the FCA, the judge hearing the case said, “[m]arket abuse can cause serious harm, not only to other market participants and the many millions of private citizens whose personal wealth and provision for retirement is invested on the financial markets, but also to the reputation of those markets more generally.” The UK High Court hears civil cases and consists of three divisions: the Queen’s Bench, the Chancery and the Family Divisions; appeals from the High Court are made to the UK Court of Appeals and to the UK Supreme Court.
SEC Sanctions ITG and Affiliate for Dark Pool Abuses: ITG Inc. and its affiliate AlterNet Securities (collectively, ITG) agreed to pay US $20.3 million in sanctions to resolve allegations by the Securities and Exchange Commission that ITG impermissibly used confidential trading information in connection with the operation of its dark pool – POSIT. According to the SEC, on multiple occasions between April 2010 and July 2011, ITG routed sell-side customer trades without their knowledge to POSIT against which ITG’s proprietary trading desk (known as “Project Omega”) traded. Typically, Project Omega’s trading algorithm would detect that a client wanted to buy or sell a stock and then would first buy or sell the same stock for ITG at the prevailing best bid or offer price. The algorithm would then immediately place the client’s order for the same stock into POSIT such that ITG would sell to the customer at the best offer price when the client wanted to buy, or buy from the customer at the best bid price when the customer wanted to sell. This would guarantee that ITG would obtain the spread between the best bid and best offer on all such transactions. However, during the relevant time, ITG promoted itself and POSIT as an “independent ‘agency only’ broker that did not have conflicts of interests with its customers and that protected the confidentiality of its customers’ trade information.” As a result of its trading activity against sell-side customers and other proprietary trading activities, ITG realized gross revenues in excess of US $2 million during the relevant time. The SEC charged that ITG committed fraud by not disclosing to its customers that it engaged in proprietary trading operations at the same time it claimed it was only operating an agency business; that it was using confidential client order information; and that it was trading opposite customers in a way that was detrimental to them. The SEC also charged that ITG failed to amend required filings with it prior to implementing Project Omega. To resolve this matter, ITG admitted to the facts charged by the SEC, in addition to agreeing to pay a penalty of US $18 million, disgorgement to customers of US $2,081,204 and prejudgment interest. (Click here for additional information on ITG’s conduct in the article “Dark Pool Operator International Trading Group Announces US $20 Million Reserve for SEC Enforcement Action Settlement” in the August 3 - 7 and 10, 2015 edition of Bridging the Week.)
ALJ Upholds Natural Gas Manipulation Charges Against BP by FERC: An administrative law judge last week upheld charges by the Federal Energy Regulatory Commission initially brought in August 2013 that four BP Group entities manipulated the price of natural gas in the Houston, Texas area from September 18 through November 30, 2008. The four BP entities are: BP Americas, Inc.; BP Corporation North America Inc.; BP America Production Company; and BP Energy Company. FERC enforcement staff had charged that the four entities engaged in manipulative conduct to benefit from a pre-existing spread position involving short index exposure to the price of natural gas at the Houston Ship Channel (HSC) and long index exposure to the price of natural gas at the Henry Hub facility in southern Louisiana near its gulf coast. Prior to September 18, the value of BP’s spread position had increased significantly, after Hurricane Ike struck Texas on September 13, and caused HSC prices to decrease “sharply” compared to Henry Hub prices, noted the ALJ. Enforcement staff had claimed – and the ALJ agreed – that, subsequently, BP engaged in activities to artificially suppress the price of HSC natural gas to further benefit the value of its spread position, including making uneconomic gas sales at HSC. The ALJ concluded that BP’s manipulative conduct was also proved by express conversations between two BP traders. In a 2013 statement, BP claimed that FERC took these conversations totally out of context, claiming “[t]he recording does not support any allegation of wrongdoing.” (Click here to access BP’s full statement.) The ALJ indicated that, under applicable statute, BP could be liable for a penalty of up to US $48 million and disgorgement of profits for its conduct. The actual penalty to be paid by BP will be decided by FERC at a later time. In 2007, BP Products North America settled with the Commodity Futures Trading Commission and the US Department of Justice regarding allegations the firm manipulated and attempted to manipulate the price of propane deliverable in Texas in 2004, among other matters. (Click here to access details of this settlement.)
ESMA Proposes to Rethink Third-Country CCP Recognition Process and Other Aspects of EMIR Framework: The European Securities and Markets Authority published four reports assessing how the European Markets Infrastructure Regulation framework has been operating and providing recommendations to the European Commission for enhancement. Among other recommendations, ESMA suggested that the process for determining clearing obligations should be streamlined, and that a mechanism must be implemented to permit the suspension of clearing obligations if certain market conditions arise (e.g., a clearinghouse fails to operate, or one or more key clearing members default). Also, ESMA proposed that frontloading requirements be reconsidered for over-the-counter contracts entered into before a clearing obligation becomes mandatory. Moreover, ESMA proposed to reconsider its recognition process to determine whether non-EU clearinghouses are subject to equivalent oversight. This is because ESMA’s willingness to largely defer to other regulatory schemes for non-EU clearinghouses might place EU clearinghouses at a competitive disadvantage where such deferral is not reciprocal, claimed ESMA. Finally, ESMA identified various legal and operational issues related to the rollout of customer assets protection regimes contemplated under EMIR that have caused inconsistencies in application among clearinghouses. For example, some issues have arisen because of imprecise definitions or formal definitions that are contrary to industry parlance (e.g., the definition of client), or the practical difficulty of following some of EMIR’s requirements (e.g., the obligation of a clearing member to take over a client’s position after a default but the failure of some CCP rules to accommodate the movement of customer positions from customer accounts to house accounts). Although some of these issues have been addressed through ESMA-issued Q&As, others have not, said ESMA. Among other possible solutions, ESMA recommended that margin periods for computing initial margin levels might be varied for different types of accounts (e.g., individual segregated accounts, gross segregated omnibus accounts and net segregated omnibus accounts).
Disgorgement and Fines Ordered in Two CME Group Disciplinary Actions Alleging Position Limit Violations: The CME Group settled two disciplinary actions for position limit violations by ordering payment of a fine and disgorgement. In one action, against William Kruse, the respondent agreed to pay a fine of US $25,000 and disgorge profits of US $39,897 for initially violating the spot month position limit in feeder cattle futures contracts on August 22, 2014, and inadvertently increasing his position the next business day (August 25) before realizing his limit violation and reducing his position to an acceptable level on August 25. Similarly, Joshua Kirley agreed to pay a fine of US $20,000 and disgorge profits of US $4,364 for violating spot month position limits in corn futures contracts on November 30, 2o12, although he liquidated sufficient positions to come into compliance with the position limits on the same business day. In an unrelated action, the Chicago Board of Trade agreed to settle a disciplinary action with Best Eagle Trading Ltd. because one of its employees allegedly engaged in wash trades involving soybean futures contracts to transfer positions between two firm accounts. The transactions occurred on “numerous occasions” between July 23 and September 27, 2012. To resolve this matter, Best Eagle agreed to pay a fine of US $60,000.
Compliance Weeds: Two lessons learned: If a firm seeks to transfer trades between accounts of the same beneficial ownership, use the designated contract market’s transfer trade provisions. Do not use wash trades or exchange for related position transactions. (Click here to access, e.g., CME Rule 853 and here to access ICE Futures U.S. Rule 4.11 regarding transfer trades.) Likewise, keep in mind it doesn’t matter how long a position limit violation occurs. Even less than 12 minutes is sufficient for a violation. (Click here for more details regarding this reference in the article “FC Stone Companies and Goldman Sachs Receive Largest Fines in CME Group’s 27 Disciplinary Actions Cascade” in the July 26, 2015 edition of Bridging the Week.)
Guggenheim Partners Agrees to Pay US $20 Million Penalty for Alleged Conflicts Non-Disclosure to Clients: Guggenheim Partners Investment Management LLC agreed to pay a US $20 million fine to settle charges by the Securities and Exchange Commission that it failed to disclose a US $50 million loan received by one of its senior executives from an advisory client. The SEC claimed that Guggenheim breached its fiduciary duty to other advisory clients in 2010 when it failed to disclose the loan, and the advisory client providing it subsequently participated in two transactions on different terms than the other Guggenheim advisory clients. In addition, Guggenheim was cited by the SEC for inadvertently charging one client US $6.5 million in advisory fees for investments it did not manage, as well as other violations of law. According to the SEC, Guggenheim only provided the client certain operational services and should only have charged the client for investment management services – an amount much lower than its advisory fees. In addition to paying a fine, Guggenheim agreed to retain an independent consultant to enhance its policies and procedures.
Barbara Duka Obtains Preliminary Injunction Against SEC Prosecuting Her in an Administrative Tribunal: The US federal judge in New York who two weeks ago reserved judgment regarding Barbara Duka’s efforts to enjoin the Securities and Exchange Commission from proceeding with an enforcement action against her before an administrative law judge granted the injunction last week. This was because, claimed the judge, without an injunction, Ms. Duka “would be forced into an unconstitutional proceeding”; would not be able to recover monetary damages from the SEC for any potential harm because the agency enjoys sovereign immunity; and would not be able to obtain an injunction against an administrative hearing by a court of appeals after an administrative hearing because the hearing would already have been concluded. The judge again concluded that Ms. Duka would likely prevail on the merits in any full hearing because an administrative law judge is a so-called “inferior officer” under the US Constitution that can only be appointed by the President, courts of law or by heads of departments (this is part of the so-called “Appointments Clause” of the US Constitution). Here, the administrative law judge proposed to oversee Ms. Duka’s case was not appointed by any commissioners of the SEC. After the US federal judge’s decision, the ALJ scheduled to hear the SEC’s case against Ms. Duka cancelled all pending administrative proceedings. Two weeks ago the US federal judge had given the SEC seven days to cure the method of its ALJ appointment, but the SEC did not correct the appointment method. (Click here for a further discussion in the article “Federal Judges in NY and Georgia Rule Against SEC for Enforcement Action Forum Choice Because of ALJ Selection Process” in the August 3- 7 and 10, 2015 edition of Bridging the Week.)
Legal Weeds: It may seem odd that a US federal judge invites the Securities and Exchange Commission to cure a problem that it warns will cause him otherwise to enjoin commencement of an administrative hearing against the subject of an enforcement action, gives the SEC seven days to fix the problem, but, notwithstanding, the SEC declines the invitation. The SEC must fear that if it, in fact, cures every current situation where an administrative law judge was not appointed by one of its commissioners, it opens to attack under the Appointments Clause of the US Constitution ongoing hearings, as well as prior and pending decisions rendered by ALJs. Stay tuned.
Yet Another Firm Fined by FINRA for Reg SHO Violations: StockCross Financial Services, Inc., agreed to pay a fine of US $800,000 to resolve allegations by the Financial Industry Regulatory Authority that it violated the Securities and Exchange Commission’s Regulation SHO from November 4, 2009, through May 31, 2013. Among other things, Reg SHO requires a clearing participant like StockCross to deliver relevant securities to a registered clearing agency for clearance and settlement on a short sale in any stock by its settlement date. If the relevant securities are not available, the participant must affirmatively close out the fail by no later than the beginning of regular trading hours following the settlement date. It must do so by borrowing or purchasing securities of a like kind and quantity. A participant may not simply offset failed to deliver amounts of a security against like securities the participant ordinarily receives or will receive during the requisite close-out period. Among other violations, FINRA charged StockCross with not executing affirmative buy-in transactions, as required, during the relevant time. According to FINRA, the firm looked at ordinary buy activity during requisite close-out periods, and counted such buy activity against the firm’s close-out obligation. It did not affirmatively purchase 100 percent of failed amounts. In addition, FINRA alleged that, during the relevant time, StockCross did not have appropriate Reg SHO supervisory procedures. In June 2015, Merrill Lynch agreed to pay US $11 million to the Securities and Exchange Commission to resolve alleged Reg SHO violations. (Click here for details in the article “Merrill Lynch Agrees to US $11 Million Payment to Resolve SEC Short Sale Charges” in the June 7, 2015 edition of Bridging the Week.)
Encore! Encore! CFTC Again Extends Relief to Certain Non-US Swap Dealers Relying on US Operations: Staff of three divisions of the Commodity Futures Trading Commission granted no-action relief for the fifth time to non-US swap dealers engaging in over-the-counter swap transactions with other non-US persons. Previously, in November 2013, the CFTC issued an advisory that said if a non-US swap dealer regularly uses personnel or agents in the US to arrange, negotiate or execute swaps with non-US persons, the non-US swaps dealer must comply with certain transaction-level requirements. (Transaction-level requirements address mandatory clearing and swap processing, margining and segregation for uncleared swaps, mandatory trade execution, swap trading relationship documentation, real-time reporting; trade confirmation; daily trading records, and external business conduct standards, among other matters.) However, CFTC staff subsequently delayed the date of compliance with such requirement until January 14, 2o14. Afterwards, the CFTC extended the compliance date three more times, and with this no-action letter, a fifth time overall. In response, Commissioner J. Christopher Giancarlo wrote in a side statement, “[w]hen a regulatory action needs five delays, I think we all can admit that it is just not workable and should be scrapped.” The three divisions that issued this relief are the Divisions of Swap Dealer and Intermediary Oversight, Clearing and Risk and Market Oversight.
My View: If the CFTC adopted a rule and sought to amend it, the Commission would first propose the revised rule and seek public input before adopting a finalized amendment, as required under the Administrative Procedure Act. However, apparently, CFTC staff believe they can amend or even cancel no-action relief unilaterally and unexpectedly – no matter how widespread reliance on the relief may be. In its no-action letter extending certain relief to non-US swaps dealers for the fifth time, three CFTC divisions expressly write, “[a]s with all no-action letters, the Divisions retain the authority to condition further, modify, suspend, terminate or otherwise restrict the terms of the no-action relief provided herein, in its discretion.” If true, this dangling of a Damoclean sword over non-US swap dealers renders Commissioner Giancarlo’s exhortation even more critical to implement: CFTC staff should formally withdraw their November 2013 advisory that said if a non-US swap dealer regularly uses personnel or agents in the US to facilitate swaps with non-US persons, the non-US swaps dealer must comply with certain transaction-level requirements.
And more briefly:
Bank of England Head to Chancellor of the Exchequer: Give Me the Power: Mark Carney, Governor of the Bank of England, suggested the Bank might need more authority to regulate the investment activities of open-ended investment funds and hedge funds. He did this in an August 11, 2015 letter to the Chancellor of the Exchequer in his role as Chairman of the Financial Policy Committee – an independent committee at the Bank established in 2013 to identify, monitor and help resolve systemic risks that might detrimentally impact the UK financial system. Mr. Carney indicated that, over the next year, the FPC will review a “number of activities in the non-bank financial system” to consider their potential systemic risks and will make recommendations as necessary “relating to the boundaries between and within regulated activities and products.”
ICE Futures Europe Updates REMIT Q&As: ICE has updated its Q&As first published last month regarding new reporting obligations by certain market participants related to their wholesale energy transactions under the European Union’s Regulation on Wholesale Energy Market Integrity and Transparency (REMIT). Under REMIT, such transactions (whether executed or unexecuted orders) must be reported via a registered reporting mechanism beginning October 7. ICE will report relevant natural gas and electricity transactions on ICE Endex Derivatives B.V., ICE Endex Gas B.V., ICE Endex Spot Ltd., and ICE Futures Europe via ICE Trade Vault Europe. Impacted market participants are required to obtain an ACER code and provide it and/or a legal entity identifier to the exchanges to enable them to submit required information to ACER. Market participants can opt out of the exchanges’ automatic reporting if they want. REMIT, adopted in 2011, was designed to enhance the transparency and stability of European energy markets while prohibiting insider trading and market manipulation.
For more information, see:
ALJ Upholds Natural Gas Manipulation Charges Against BP by FERC:
Bank of England Head to Chancellor of the Exchequer: Give Me the Power:
Barbara Duka Obtains Preliminary Injunction Against SEC Prosecuting Her in an Administrative Tribunal:
Disgorgement and Fines Ordered in Two CME Group Disciplinary Actions Alleging Position Limit Violations:
Encore! Encore! CFTC Again Extends Relief to Certain Non-US Swap Dealers Relying on US Operations:
See also statement of Commissioner J. Christopher Giancarlo:
ESMA Proposes to Rethink Third-Country CCP Recognition Process and Other Aspects of EMIR Framework:
Guggenheim Partners Agrees to Pay US $20 Million Penalty for Alleged Conflicts Non-Disclosure to Clients:
Hackers and Traders Charged by SEC and Department of Justice in International Securities Fraud Scheme:
Department of Justice (NJ):
ICE Futures Europe Updates REMIT Q&As:
SEC Sanctions ITG and Affiliate for Dark Pool Abuses:
UK High Court Penalizes Traders GBP 7.5 Million for Layering:
Yet Another Firm Fined by FINRA for Reg SHO Violations: